class101
03-03-06, 19:19
"The only model that makes no sense to me is the altruistic model. The vendor wants the researcher to do his code review for free and that doesn't quite fly. They are profiting from the vulnerability information but they don't want to pay for it," Sutton said.
Sutton said it was strange that Microsoft offers $250,000 as a bounty to help capture a virus writer, but balks at paying for the information that would stop the propagation of the virus.
Me, on this case I'm with Mr Sutton; this simply pushes the speed of discovery of the highest threats in applications supposed to be secure. At least in my case, if the responsible programs didn't exist, MS would probably have acquired my information for free, but far after the bad guys.
http://www.eweek.com/article2/0%2C1895%2C1928389%2C00.asp